how to clear a cookie value in request object
Mike Ellery
mellery451 at gmail.com
Sat Nov 2 18:04:30 UTC 2013
> Message: 5
> Date: Sat, 2 Nov 2013 03:41:26 +0400
> From: Maxim Dounin <mdounin at mdounin.ru>
> To: nginx-devel at nginx.org
> Subject: Re: how to clear a cookie value in request object
> Message-ID: <20131101234126.GJ95765 at mdounin.ru>
> Content-Type: text/plain; charset=us-ascii
>
> Hello!
>
> On Fri, Nov 01, 2013 at 09:41:20AM -0700, Michael Ellery wrote:
>
>> devs,
>>
>> I'm looking for advice about how to properly clear a cookie value from the current request so that it will be omitted
>> from the request when it goes upstream (to proxy). Here's the code I currently have:
>>
>> static ngx_str_t my_cookie_name = ngx_string("MyMagicCookieName");
>>
>>
>> ngx_uint_t i;
>> ngx_table_elt_t **h;
>> ngx_str_t null_header_value = ngx_null_string;
>> h = r->headers_in.cookies.elts;
>> for (i = 0; i < r->headers_in.cookies.nelts; i++) {
>> if (h[i]->value.len > my_cookie_name.len &&
>> 0 == ngx_strncmp(h[i]->value.data, my_cookie_name.data, my_cookie_name.len))
>> {
>> h[i]->value = null_header_value;
>> break;
>> }
>> }
>>
>>
>> my main concern is leaking memory -- will the nulling of this value cause memory to be leaked? If so, how can I fix this?
>>
>> A secondary concern is that I believe value can actually contain a list of comma separated of cookie name/vals, although
>> I've not actually encountered that problem so far. What would be the right way to wipe out only PART of the value data,
>> if that's indeed what I need to do?
>
> There are at least two problems with the above code:
>
> - It tries to modify r->headers_in, which is wrong. The
> r->headers_in contains headers as received from a client, and
> they are not expected to be modified. Modifications will likely
> result in undefined behaviour.
>
> - As you correctly assume, there can be more than one cookie in a
> single Cookie header (and usually there are - as long as there
> are more than one cookie used for a domain).
>
> Proper solution would be to provide a new value for the Cookie
> header in a variable (taking into account multiple cookies in a
> single header), and then use
>
> proxy_set_header Cookie $your_new_cookie_value;
>
> in configuration, much like with the $proxy_add_x_forwarded_for
> variable as available for X-Forwarded-For header modification.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
>
Maxim,
Thanks for your helpful response. Is there a predefined variable that
I can use to store my modified cookie value or will I just need to
create a new custom variable value?
Thanks,
Mike
--
+++++++++++++++++++
Mike Ellery
mellery451 at gmail.com
+++++++++++++++++++
More information about the nginx-devel
mailing list